CN112398798B - Network telephone processing method, device and terminal - Google Patents


Publication number
CN112398798B
Authority
CN
China
Prior art keywords
calling terminal
block chain
certificate
terminal
signature information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910763086.6A
Other languages
Chinese (zh)
Other versions
CN112398798A (en
Inventor
刘福文
杨波
王珂
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Communications Ltd Research Institute filed Critical China Mobile Communications Group Co Ltd
Priority to CN201910763086.6A priority Critical patent/CN112398798B/en
Priority to PCT/CN2020/101612 priority patent/WO2021031741A1/en
Publication of CN112398798A publication Critical patent/CN112398798A/en
Application granted granted Critical
Publication of CN112398798B publication Critical patent/CN112398798B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L9/40 Network security protocols
                    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
                        • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
                            • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
                        • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
                    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
                • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
                    • H04L65/1066 Session management
                        • H04L65/1069 Session establishment or de-establishment
                        • H04L65/1101 Session protocols
                            • H04L65/1104 Session initiation protocol [SIP]

Abstract

The invention provides a network telephone processing method, a network telephone processing device and a network telephone processing terminal, and relates to the technical field of communication. The method is applied to the called terminal and comprises the following steps: receiving a message for inviting a network call sent by a calling terminal, wherein the message carries first signature information and identification information of the calling terminal, and the first signature information is signature information for signing a message header of the inviting network call; inquiring a block chain certificate of the calling terminal according to the identification information of the calling terminal; and verifying the first signature information according to a public key in the block chain certificate of the calling terminal, and establishing network telephone connection with the calling terminal when the verification is passed. The scheme of the invention solves the problem of mutual communication among multiple CAs in the prior network telephone.

Description

Network telephone processing method, device and terminal
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, an apparatus, and a terminal for processing a network telephone.
Background
With the recent rise of Internet Protocol (IP) access to the public switched telephone network (PSTN), inexpensive IP-based client protocols (such as the Session Initiation Protocol, SIP) are replacing expensive traditional telephony services (such as the Integrated Services Digital Network, ISDN). Inexpensive voice over IP (VoIP) telephony services are now becoming commonplace. The bearer network of the PSTN is also moving towards IP.
Currently, as shown in FIG. 1, the security mechanism in the network telephone identifies the initiator of the SIP request. The identification process is as follows:
(1) The SIP client a sends a SIP invite message to the authentication server.
(2) The authentication server signs the SIP invite message header and places the signature and an address indicating the authentication server certificate in the newly defined identity field.
(3) The authentication server sends the signed invitation message to the verification server.
(4) The verification server is connected to the public key infrastructure PKI according to the address of the certificate of the authentication server to obtain the certificate of the authentication server.
(5) The verification server verifies the signature by using the public key in the certificate of the authentication server, and after the verification is successful, the verification server sends an SIP invitation message to the SIP client B.
Therefore, in the security mechanism of the current network telephone, the SIP client must trust both the authentication server and the verification server, and where multiple certificate authorities (CAs) are involved there is the problem of mutual trust between CAs.
Disclosure of Invention
The invention aims to provide a network telephone processing method, a device and a terminal, which solve the problem of mutual communication among multiple CAs in the existing network telephone.
In order to achieve the above object, an embodiment of the present invention provides a method for processing a network telephone, which is applied to a called terminal, and includes:
receiving a message for inviting network call sent by a calling terminal, wherein the message carries first signature information and identification information of the calling terminal, and the first signature information is signature information for signing a message header of the inviting network call;
inquiring a block chain certificate of the calling terminal according to the identification information of the calling terminal;
and verifying the first signature information according to the public key in the block chain certificate of the calling terminal, and establishing network telephone connection with the calling terminal when the verification is passed.
Optionally, the querying, according to the identification information of the calling terminal, a blockchain certificate of the calling terminal includes:
if the called terminal is a user terminal storing a complete block chain, inquiring a block chain certificate of the calling terminal in the stored complete block chain according to the identification information of the calling terminal;
if the called terminal is a user terminal storing a lightweight block chain, after the called terminal is linked to a trusted terminal storing a complete block chain, the block chain certificate of the calling terminal is inquired in the stored complete block chain according to the identification information of the calling terminal.
Optionally, the identification information of the calling terminal includes a user name of the calling terminal, where the user name is complete identity information or a hash value of the complete identity information;
the querying, according to the identification information of the calling terminal, a block chain certificate of the calling terminal in the stored complete block chain includes:
and initiating the query of the block chain certificate of the calling terminal to the complete block chain according to the user name of the calling terminal.
Optionally, the blockchain certificate includes: username type, username properties, username, public key, validity period, certificate status, and extension.
In order to achieve the above object, an embodiment of the present invention provides a method for processing a network telephone, which is applied to a calling terminal, and includes:
signing a message header inviting network communication to obtain first signature information;
sending a message for inviting a network call to a called terminal, wherein the message carries the first signature information and the identification information of the calling terminal, and the identification information is used for the called terminal to inquire a block chain certificate of the calling terminal and verify the first signature information;
and establishing the network telephone connection with the called terminal when the verification is passed.
Optionally, before the sending the message for inviting the network call to the called terminal, the method further includes:
generating a blockchain certificate of the calling terminal;
if the user name in the block chain certificate of the calling terminal is complete identity information, signing the block chain certificate of the calling terminal by using a private key to obtain second signature information, broadcasting the block chain certificate of the calling terminal and the second signature information on a block chain network, and storing the block chain certificate of the calling terminal in a block chain through a bookkeeping node of the block chain;
if the user name in the block chain certificate of the calling terminal is the hash value of the complete identity information, signing the block chain certificate of the calling terminal and the complete identity information by using a private key to obtain third signature information, broadcasting the block chain certificate, the complete identity information and the third signature information on a block chain network, and storing the block chain certificate of the second terminal in the block chain through an accounting node of the block chain.
In order to achieve the above object, an embodiment of the present invention provides a network telephone processing method, which is applied to a network terminal, where the network terminal is an accounting node of a block chain, and the method includes:
acquiring a block chain certificate and second signature information broadcast by a user terminal on a block chain network; or, the blockchain certificate, the complete identity information and the third signature information;
initiating identity verification to the user terminal under the condition that the second signature information or the third signature information passes verification and a block chain certificate corresponding to the user terminal is not stored in a block chain or is invalid;
and after the identity authentication is successful, storing the block chain certificate of the user terminal in a block chain, wherein the block chain certificate is used for authenticating the signature information in the message which is sent by the user terminal and used for inviting the network call.
Optionally, the initiating authentication to the user terminal includes:
embedding short message receiving and sending equipment in a block chain system, and sending a short message verification code to the user terminal through the short message receiving and sending equipment according to the complete identity information of the user terminal; or,
and triggering external short message transceiving equipment to send a short message verification code to the user terminal according to the complete identity information of the user terminal.
Optionally, the blockchain certificates each include: username type, username properties, username, public key, validity period, certificate status, and extension.
Optionally, the user name is complete identity information or a hash value of the complete identity information.
In order to achieve the above object, a network telephone processing device applied to a called terminal includes:
a receiving module, configured to receive a message which is sent by a calling terminal and used for inviting a network call, wherein the message carries first signature information and identification information of the calling terminal, and the first signature information is signature information for signing a message header of the inviting network call;
the query module is used for querying the block chain certificate of the calling terminal according to the identification information of the calling terminal;
and the first processing module is used for verifying the first signature information according to a public key in the block chain certificate of the calling terminal and establishing a network telephone connection with the calling terminal when the verification is passed.
Optionally, the query module is further configured to:
if the called terminal is a user terminal storing a complete block chain, inquiring a block chain certificate of the calling terminal in the stored complete block chain according to the identification information of the calling terminal;
if the called terminal is a user terminal storing a lightweight block chain, after the called terminal is linked to a trusted terminal storing a complete block chain, the block chain certificate of the calling terminal is inquired in the stored complete block chain according to the identification information of the calling terminal.
Optionally, the identification information of the calling terminal includes a user name of the calling terminal, where the user name is complete identity information or a hash value of the complete identity information;
the query module is further configured to:
and initiating the query of the block chain certificate of the calling terminal to the complete block chain according to the user name of the calling terminal.
Optionally, the blockchain certificate includes: username type, username nature, username, public key, validity period, certificate status, and extension.
In order to achieve the above object, an embodiment of the present invention provides a network telephone processing apparatus, applied to a calling terminal, including:
the second processing module is used for signing the message header inviting the network call to obtain first signature information;
a sending module, configured to send a message inviting a network call to a called terminal, where the message carries the first signature information and identification information of the calling terminal, and the identification information is used for the called terminal to query a blockchain certificate of the calling terminal and verify the first signature information;
and the third processing module is used for establishing the network telephone connection with the called terminal when the verification is passed.
Optionally, the apparatus further comprises:
a generating module, configured to generate a blockchain certificate of the calling terminal;
the first storage processing module is used for signing the block chain certificate of the calling terminal by using a private key to obtain second signature information if the user name in the block chain certificate of the calling terminal is complete identity information, broadcasting the block chain certificate of the calling terminal and the second signature information on a block chain network, and storing the block chain certificate of the calling terminal in a block chain through a bookkeeping node of the block chain;
and the second storage processing module is used for signing the block chain certificate of the calling terminal and the complete identity information by using a private key to obtain third signature information if the user name in the block chain certificate of the calling terminal is the hash value of the complete identity information, broadcasting the block chain certificate, the complete identity information and the third signature information on a block chain network, and storing the block chain certificate of the second terminal in the block chain through an accounting node of the block chain.
In order to achieve the above object, an embodiment of the present invention provides a network telephone processing apparatus, which is applied to a network terminal, where the network terminal is an accounting node of a block chain, and the network telephone processing apparatus includes:
the acquisition module is used for acquiring the block chain certificate and the second signature information broadcast by the user terminal on the block chain network; or, the blockchain certificate, the complete identity information and the third signature information;
a fourth processing module, configured to initiate identity authentication to the user terminal when the second signature information or the third signature information passes authentication and a block chain certificate corresponding to the user terminal is not stored in a block chain or is invalid;
and the fifth processing module is configured to store the block chain certificate of the user terminal in a block chain after the identity authentication is successful, where the block chain certificate is used to authenticate signature information in a message sent by the user terminal and inviting a network call.
Optionally, the fourth processing module is further configured to:
embedding short message receiving and sending equipment in a block chain system, and sending a short message verification code to the user terminal through the short message receiving and sending equipment according to the complete identity information of the user terminal; or,
and triggering external short message transceiving equipment to send a short message verification code to the user terminal according to the complete identity information of the user terminal.
Optionally, the blockchain certificates each include: username type, username nature, username, public key, validity period, certificate status, and extension.
Optionally, the user name is complete identity information or a hash value of the complete identity information.
In order to achieve the above object, an embodiment of the present invention provides a user terminal, where the user terminal is a called terminal, and the user terminal includes: a transceiver and a processor;
the transceiver is used for receiving a message for inviting network call sent by a calling terminal, wherein the message carries first signature information and identification information of the calling terminal, and the first signature information is signature information for signing a message header of the inviting network call;
the processor is used for inquiring the block chain certificate of the calling terminal according to the identification information of the calling terminal;
the processor is further configured to verify the first signature information according to a public key in the block chain certificate of the calling terminal, and establish a network telephone connection with the calling terminal when the verification is passed.
Optionally, the processor is further configured to:
if the called terminal is a user terminal storing a complete block chain, inquiring a block chain certificate of the calling terminal in the stored complete block chain according to the identification information of the calling terminal;
and if the called terminal is a user terminal storing the lightweight blockchain, after the called terminal is linked to a trusted terminal storing a complete blockchain, inquiring the blockchain certificate of the calling terminal in the stored complete blockchain according to the identification information of the calling terminal.
Optionally, the identification information of the calling terminal includes a user name of the calling terminal, where the user name is complete identity information or a hash value of the complete identity information;
the processor is further configured to:
and initiating the query of the block chain certificate of the calling terminal to the complete block chain according to the user name of the calling terminal.
Optionally, the blockchain certificate comprises: username type, username properties, username, public key, validity period, certificate status, and extension.
In order to achieve the above object, an embodiment of the present invention provides a user terminal, where the user terminal is a calling terminal, and the user terminal includes: a transceiver and a processor;
the processor is used for signing a message header inviting network communication to obtain first signature information;
the transceiver is used for sending a message for inviting a network call to a called terminal, wherein the message carries the first signature information and the identification information of the calling terminal, and the identification information is used for the called terminal to inquire a block chain certificate of the calling terminal and verify the first signature information;
the processor is also used for establishing a network telephone connection with the called terminal when the authentication is passed.
Optionally, the processor is further configured to:
generating a blockchain certificate of the calling terminal;
if the user name in the block chain certificate of the calling terminal is complete identity information, signing the block chain certificate of the calling terminal by using a private key to obtain second signature information, broadcasting the block chain certificate of the calling terminal and the second signature information on a block chain network, and storing the block chain certificate of the calling terminal in a block chain through a bookkeeping node of the block chain;
if the user name in the block chain certificate of the calling terminal is the hash value of the complete identity information, a private key is used for signing the block chain certificate of the calling terminal and the complete identity information to obtain third signature information, the block chain certificate, the complete identity information and the third signature information are broadcasted on a block chain network, and the block chain certificate of the calling terminal is stored in a block chain through a bookkeeping node of the block chain.
To achieve the above object, an embodiment of the present invention provides a network terminal, where the network terminal is an accounting node of a block chain, and the network terminal includes: a transceiver and a processor;
the transceiver is used for acquiring a block chain certificate and second signature information broadcast by a user terminal on a block chain network; or, the blockchain certificate, the complete identity information and the third signature information;
the processor is configured to initiate identity authentication to the user terminal when the second signature information or the third signature information passes authentication and a corresponding blockchain certificate of the user terminal is not stored in a blockchain or is invalid;
the processor is further configured to store, after the identity authentication is successful, a block chain certificate of the user terminal in a block chain, where the block chain certificate is used to authenticate signature information in a message sent by the user terminal, where the message invites a network call.
Optionally, the processor is further configured to:
embedding short message receiving and sending equipment in a block chain system, and sending a short message verification code to the user terminal through the short message receiving and sending equipment according to the complete identity information of the user terminal; or,
and triggering external short message transceiving equipment to send a short message verification code to the user terminal according to the complete identity information of the user terminal.
Optionally, the blockchain certificates each include: username type, username nature, username, public key, validity period, certificate status, and extension.
Optionally, the user name is complete identity information or a hash value of the complete identity information.
To achieve the above object, an embodiment of the present invention provides a communication terminal, including: a processor, a memory, and a computer program stored on the memory and executable on the processor; the processor, when executing the computer program, implements the network telephone processing method applied to the called terminal, or the network telephone processing method applied to the calling terminal, or the network telephone processing method applied to the network terminal.
To achieve the above object, an embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored, the computer program, when executed by a processor, implementing the method of processing a network phone as applied to a called terminal, or the method of processing a network phone as applied to a calling terminal, or the steps in the method of processing a network phone as applied to a network terminal.
The technical scheme of the invention has the following beneficial effects:
The method of the embodiment of the invention is applied to a called terminal. After receiving a message from a calling terminal inviting a network call, the called terminal queries the block chain certificate corresponding to the calling terminal according to the identification information of the calling terminal carried in the message. Once the certificate is found, the public key in it is used to verify the first signature information carried in the message, and the network telephone connection between the calling and called terminals is established when the verification passes. Because the certificate is stored on the block chain, and the block chain has no trusted third party, network telephone user terminals can trust each other directly, which solves the problem of mutual trust between multiple CAs.
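The called-terminal check and the matching calling-terminal signing step, as an added Go sketch that is not part of the patent. Ed25519, the in-memory `Ledger` map, the field encodings and the binding of the caller ID into the signed bytes are assumptions; the key seed, identity and dates are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// BlockchainCert carries the certificate fields the patent lists. The Go
// types and the string values used for them are assumptions of this sketch.
type BlockchainCert struct {
	UsernameType        string // e.g. "phone-number"
	UsernameProperty    string // "plain" or "sha256"
	Username            string // complete identity or its hash
	PublicKey           ed25519.PublicKey
	NotBefore, NotAfter time.Time // validity period
	Status              string    // "valid" or "revoked"
	Extension           string
}

// Ledger stands in for a complete copy of the chain, indexed by username.
type Ledger map[string]BlockchainCert

// Invite is the call invitation as the called terminal receives it.
type Invite struct {
	Header    string // message header covered by the signature
	CallerID  string // identification information of the calling terminal
	Signature []byte // the "first signature information"
}

var (
	ErrNoCert       = errors.New("no blockchain certificate for caller")
	ErrCertStatus   = errors.New("certificate status is not valid")
	ErrCertExpired  = errors.New("certificate outside validity period")
	ErrBadSignature = errors.New("invite signature does not verify")
)

// HashIdentity gives the username published when the identity itself is hidden.
func HashIdentity(identity string) string {
	sum := sha256.Sum256([]byte(identity))
	return hex.EncodeToString(sum[:])
}

// signedBytes length-prefixes the caller ID and binds it to the header, so
// neither can be swapped on its own (an assumption; the patent signs the header).
func signedBytes(callerID, header string) []byte {
	return []byte(fmt.Sprintf("voip-invite-v1|%d|%s|%s", len(callerID), callerID, header))
}

// SignInvite is the calling-terminal step.
func SignInvite(priv ed25519.PrivateKey, callerID, header string) Invite {
	sig := ed25519.Sign(priv, signedBytes(callerID, header))
	return Invite{Header: header, CallerID: callerID, Signature: sig}
}

// VerifyInvite is the called-terminal step: look up, check status and
// validity, then verify. Any error means the call must not be set up.
func VerifyInvite(l Ledger, inv Invite, now time.Time) error {
	cert, ok := l[inv.CallerID]
	if !ok {
		return ErrNoCert
	}
	if cert.Status != "valid" {
		return ErrCertStatus
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return ErrCertExpired
	}
	// ed25519.Verify panics on a wrong-sized key, so check the length first.
	if len(cert.PublicKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(cert.PublicKey, signedBytes(inv.CallerID, inv.Header), inv.Signature) {
		return ErrBadSignature
	}
	return nil
}

// Demo returns a constructed ledger with one caller; all values are samples.
func Demo() (Ledger, ed25519.PrivateKey, string, time.Time) {
	seed := sha256.Sum256([]byte("constructed demo seed"))
	priv := ed25519.NewKeyFromSeed(seed[:])
	id := HashIdentity("tel:+15555550100")
	now := time.Date(2020, 7, 1, 0, 0, 0, 0, time.UTC)
	cert := BlockchainCert{
		UsernameType: "phone-number", UsernameProperty: "sha256", Username: id,
		PublicKey: priv.Public().(ed25519.PublicKey),
		NotBefore: now.AddDate(-1, 0, 0), NotAfter: now.AddDate(1, 0, 0), Status: "valid",
	}
	return Ledger{id: cert}, priv, id, now
}

func main() {
	ledger, priv, id, now := Demo()
	inv := SignInvite(priv, id, "INVITE sip:bob@example.com SIP/2.0\r\nCSeq: 1 INVITE")
	fmt.Println("genuine invite:", VerifyInvite(ledger, inv, now))
	inv.Header += "\r\nContact: sip:other@example.net"
	fmt.Println("tampered invite:", VerifyInvite(ledger, inv, now))
}
```

The certificate status and validity period are checked before the signature, so a revoked or expired entry on the chain is rejected even when the signature itself is correct.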
Drawings
FIG. 1 is a schematic diagram of a conventional network telephone processing flow;
FIG. 2 is a flowchart of a network telephone processing method applied to a called terminal according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating a blockchain certificate in accordance with an embodiment of the present invention;
FIG. 4 is a schematic diagram of a processing flow of a network telephone to which the method of the embodiment of the invention is applied;
FIG. 5 is a flowchart of a network telephone processing method applied to a calling terminal according to an embodiment of the present invention;
FIG. 6 is a flowchart of a method for processing a network phone applied to a network terminal according to an embodiment of the present invention;
FIG. 7 is a structural diagram of a network telephone processing apparatus applied to a called terminal according to an embodiment of the present invention;
FIG. 8 is a block diagram of a network telephone processing apparatus applied to a calling terminal according to an embodiment of the present invention;
FIG. 9 is a block diagram of a network telephone processing device applied to a network terminal according to an embodiment of the present invention;
FIG. 10 is a structural diagram of a called terminal according to an embodiment of the present invention;
FIG. 11 is a diagram of a calling terminal according to an embodiment of the present invention;
FIG. 12 is a structural diagram of a network terminal according to an embodiment of the present invention;
FIG. 13 is a configuration diagram of a communication terminal according to an embodiment of the present invention.
Detailed Description
To make the technical problems, technical solutions and advantages of the present invention more apparent, the following detailed description is given with reference to the accompanying drawings and specific embodiments.
It should be appreciated that reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
In various embodiments of the present invention, it should be understood that the sequence numbers of the following processes do not mean the execution sequence, and the execution sequence of each process should be determined by the function and the inherent logic of the process, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
In addition, the terms "system" and "network" are often used interchangeably herein.
In the embodiments provided herein, it should be understood that "B corresponding to A" means that B is associated with A, and that B can be determined from A. It should also be understood that determining B from A does not mean determining B from A alone; B may be determined from A and/or other information.
As shown in fig. 2, an embodiment of the present invention provides a method for processing a network telephone, which is applied to a called terminal, and includes:
Step 201, receiving a message for inviting a network call sent by a calling terminal, where the message carries first signature information and identification information of the calling terminal, and the first signature information is obtained by signing the message header of the invitation to the network call.
In this step, the called terminal receives a message for inviting a network call sent by the calling terminal. The first signature information carried in the message is obtained by the calling terminal signing the message header inviting the network call. Specifically, the DATA field, FROM field, and TO field in the header of the invite network call are signed. The FROM field contains the identity of the inviter (SIP uniform resource identifier URI or phone number), the TO field contains the identity of the invitee (SIP URI or phone number), and the DATA field contains the timestamp of the sending of the SIP invite message. The signature on the FROM field can guarantee the identity authenticity of the inviter, the signature on the TO field can guarantee that the identity of the invitee is not tampered, and the signature on the DATA field can prevent replay attacks. The identification information of the calling terminal carried in the message is used for inquiring the block chain certificate of the calling terminal.
Step 202, inquiring the block chain certificate of the calling terminal according to the identification information of the calling terminal.
In this embodiment, the user terminal stores the certificate used for self authentication in the blockchain, and the blockchain is used to ensure the authenticity and reliability of the certificate. Therefore, in this step, after receiving the message of inviting network call sent by the calling terminal in step 201, the blockchain certificate of the calling terminal is queried according to the identification information of the calling terminal carried in the message of inviting network call, so as to perform authentication using the certificate.
Step 203, verifying the first signature information according to the public key in the block chain certificate of the calling terminal, and establishing a network telephone connection with the calling terminal when the verification is passed.
In this step, the public key in the blockchain certificate queried in step 202 is used to verify the first signature information, and the network telephone connection between the called terminal and the calling terminal is established once the verification of the calling terminal is completed. Because the certificate must both exist and be valid, the public key of the blockchain certificate is used only when the blockchain certificate of the calling terminal has been found by the query and is valid.
Therefore, through the above steps, the called terminal to which the method of the embodiment of the invention is applied, after receiving the message of the calling terminal inviting the network call, queries the block chain certificate corresponding to the calling terminal according to the identification information of the calling terminal carried in the message. Once the block chain certificate of the calling terminal is found, the public key in the block chain certificate is used to verify the first signature information carried in the message, and the network telephone connection between the calling party and the called party is established when the verification passes. Because the block chain is used to store the certificate and no trusted third party exists in the block chain, direct trust between the network telephone user terminals can be realized, and the problem of mutual trust between multiple CAs is solved.
It should be appreciated that in this embodiment, in order to facilitate authentication during the voice over internet protocol connection, the user terminal generates and stores a respective blockchain certificate to the blockchain. Therefore, before the calling terminal sends the message for inviting the network conversation, a block chain certificate of the calling terminal is generated; if the user name in the generated block chain certificate is complete identity information, signing the block chain certificate of the calling terminal by using a private key to obtain second signature information, broadcasting the block chain certificate of the calling terminal and the second signature information on a block chain network, and storing the block chain certificate of the calling terminal in the block chain through an accounting node of the block chain; if the generated user name in the block chain certificate is the hash value of the complete identity information, the block chain certificate and the complete identity information of the calling terminal are signed by using a private key to obtain third signature information, the block chain certificate, the complete identity information and the third signature information of the calling terminal are broadcasted on a block chain network, and the block chain certificate of the second terminal is stored in the block chain through an accounting node of the block chain.
Here, the calling terminal may generate its own block chain certificate first. Since the user name in the block chain certificate may be complete identity information of the terminal, such as an SIP URI or a phone number, or may be a hash value of the complete identity information of the terminal, in order to ensure correct storage of the certificate by the accounting node, after the block chain certificate is generated, a distinguishing process is performed for specific implementation of the user name in the block chain certificate: if the user name is complete identity information, only using a private key to sign the block chain certificate, broadcasting the block chain certificate and the obtained corresponding signature information on a block chain network, and then storing the block chain certificate in the block chain through a bookkeeping node of the block chain; if the user name is the hash value of the complete identity information, the block chain certificate and the complete identity information are signed by using a private key, the block chain certificate, the complete identity information and the obtained corresponding signature information are broadcasted on a block chain network, and then the block chain certificate is stored in the block chain through a bookkeeping node of the block chain.
Wherein the accounting node is determined by a block chain consensus mechanism. Based on the content broadcast by the terminal on the blockchain network, the accounting node verifies the signature information, and sends an identity verification request to the terminal again under the condition that the blockchain certificate corresponding to the terminal is not stored in the blockchain or is invalid, and stores the blockchain certificate corresponding to the terminal in the blockchain after the identity verification is successful.
Specifically, the accounting node can ensure the integrity of the block chain certificate and the user name of the terminal by verifying the signature information. Before storage, the accounting node searches the block chain for a block chain certificate whose user name duplicates the user name of the block chain certificate to be stored. If the name is duplicated and the state of the latest certificate with that name on the block chain is a valid state, the accounting node refuses the storage application of the block chain certificate to be stored; if the name is duplicated but the state of the latest certificate with that name on the block chain is an invalid state, or no certificate with a duplicate name exists, the accounting node initiates an identity authentication request to the terminal.
To initiate the identity verification request to the terminal, the accounting node may embed short message transceiving equipment, such as a Short Message Service (SMS) module, in the block chain system, send a short message verification code to the terminal through the short message transceiving equipment according to the complete identity information of the terminal, and then compare it with the short message verification code returned by the terminal. When the comparison shows that the two verification codes are the same, the identity authenticity of the block chain certificate to be stored is determined. The complete identity information of the terminal, according to which the short message verification code is sent, may be carried in the block chain certificate or broadcast directly on the network. After the identity of the block chain certificate is successfully verified, the accounting node writes the block chain certificate into the block, and after the waiting time required by the system is over, the block is written into the block chain. If the user name is the hash value of the complete identity information, the accounting node only writes the block chain certificate into the block, and the complete identity information of the user terminal is not written into the block.
Of course, storing a blockchain certificate in the blockchain is not limited to the calling terminal; the called terminal may also store its own blockchain certificate in the blockchain in the same manner, which is not described herein again.
Optionally, as shown in fig. 3, the block chain certificate 300 includes: user name type, user name property, user name, public key, validity period, certificate status, and extension item.
The block chain certificate generated by the calling terminal mainly comprises a user name type, a user name property, a user name, a public key, a validity period, a certificate status and an extension item. Specifically:
User name type: a flag used to distinguish different user types, such as telephone numbers and SIP URIs.
User name property: distinguishes whether the user name is anonymous or real. An anonymous user name protects the privacy of the user.
User name: the name under which the user applies for the blockchain certificate. For the VOIP system, if the property of the user name is a real name, the user name is the user name of the FROM field in the SIP invitation message, namely the complete identity information of the terminal; if the user name property is anonymous, the user name is a hash of the user name in the FROM field.
Public key: generated by the certificate applicant, who keeps the corresponding private key secret. To keep the certificate as short as possible and save its storage space on the blockchain, the certificate applicant preferably employs an elliptic curve key algorithm (ECC) when generating the public-private key pair.
Validity period: the point in time when the certificate can start to be used and the point in time when it is no longer valid.
Extension item: reserved for future use.
Certificate status: one of two states, valid or invalid.
The generated blockchain certificate may use a standard format, such as the standard X.509 format, but since there is no trusted third party in the blockchain network, the certificate is self-signed rather than carrying a digital signature of a third party. The blockchain certificate may also use a custom format, which differs from the X.509 format in that it does not contain a signature over the certificate information, since the authenticity of the blockchain certificate is guaranteed by the blockchain and not by a digital signature of a third party, and there is no trusted third party in the blockchain network. When the user terminal generates the blockchain certificate, the certificate status is marked as valid.
It should also be appreciated that in this embodiment, the called terminal may be a user terminal storing a complete blockchain, or a user terminal storing a lightweight blockchain, which cannot by itself complete the lookup of the blockchain certificate of the calling terminal. Therefore, optionally, step 202 includes:
if the called terminal is a user terminal storing a complete block chain, inquiring a block chain certificate of the calling terminal in the stored complete block chain according to the identification information of the calling terminal;
and if the called terminal is a user terminal storing the lightweight blockchain, after the called terminal is linked to a trusted terminal storing a complete blockchain, inquiring the blockchain certificate of the calling terminal in the stored complete blockchain according to the identification information of the calling terminal.
Thus, for a called terminal storing a complete blockchain, the called terminal can directly inquire the blockchain certificate of the calling terminal in the stored complete blockchain according to the identification information of the calling terminal; for a called terminal storing a lightweight blockchain, the called terminal needs to be linked to a trusted terminal storing a full blockchain, via which the blockchain certificate of the calling terminal is queried in its stored full blockchain.
In addition, optionally, the identification information of the calling terminal includes a user name of the calling terminal, where the user name is complete identity information or a hash value of the complete identity information;
Accordingly, step 202 includes:
initiating a query for the block chain certificate of the calling terminal in the complete block chain according to the user name of the calling terminal.
Specifically, if the user name is the complete identity information of the terminal, the called terminal uses the user name to initiate a query in the local block chain or in a block chain stored at a remote end; if the user name to be queried is not retrieved on the block chain, the called terminal initiates the query again, in the local block chain or the block chain stored at the remote end, using the hash value of the user name in the FROM field of the SIP message. If the user name is the hash value of the complete identity information of the terminal, the hash value is used directly to initiate the query in the local block chain or the block chain stored at the remote end.
If the user name to be queried is still not retrieved on the blockchain, the query is terminated and an error message is returned to the user (the certificate does not exist). If it is retrieved, the latest blockchain certificate corresponding to the user name is checked. If the state of the certificate is an invalid state, error information is returned to the user (the certificate exists but the state is invalid); if the state of the certificate is a valid state but the validity period has passed, error information is returned to the user (the certificate exists but the validity period has passed); if the state of the certificate is valid and the certificate is within its validity period, the certificate is the blockchain certificate of the calling terminal that the called terminal wants to acquire.
As shown in fig. 4, a user terminal A (calling terminal) sends a message inviting a network call (a SIP invite message) to a user terminal B (called terminal), and the user terminal A itself signs the DATA field, the FROM field, and the TO field in the header of the SIP invite message. Assume that user terminal A has stored a valid blockchain certificate generated by itself in the blockchain. After receiving the message inviting the network call, the user terminal B initiates a query in a local block chain or a block chain stored at a remote end by using the identification information of the calling terminal in the message. After finding the block chain certificate that the user terminal A stored in the block chain, the user terminal B verifies the signature information in the message by using the public key in that certificate. If the verification succeeds, the authenticity of the identity of the user terminal A is proved and the network telephone connection between the calling party and the called party is established, so that the network telephone is realized.
In summary, the method of the embodiment of the present invention is applied to a called terminal, and after receiving a message of a calling terminal inviting a network call, the called terminal queries a block chain certificate corresponding to the calling terminal according to identification information of the calling terminal carried in the message, so that after querying the block chain certificate of the calling terminal, a public key in the block chain certificate is used to verify first signature information carried in the message, and when the verification passes, a network telephone connection between the calling and the called is established. Therefore, the block chain is used for storing the certificate, a trusted third party does not exist in the block chain, direct trust between the network telephone user terminals can be realized, and the problem of mutual trust between multiple CAs is solved.
As shown in fig. 5, an embodiment of the present invention further provides a network telephone processing method, which is applied to a calling terminal, and includes:
Step 501, signing a message header of the invitation to the network call to obtain first signature information.
Specifically, the DATA field, FROM field, and TO field in the header of the invite network call are signed. The FROM field contains the identity of the inviter (SIP uniform resource identifier URI or phone number), the TO field contains the identity of the invitee (SIP URI or phone number), and the DATA field contains the timestamp of the sending of the SIP invite message. The signature on the FROM field can ensure the identity authenticity of the inviter, the signature on the TO field can ensure that the identity of the invitee is not tampered, and the signature on the DATA field can prevent replay attacks.
Step 502, sending a message inviting a network call to a called terminal, where the message carries the first signature information and identification information of the calling terminal, and the identification information is used for the called terminal to query a blockchain certificate of the calling terminal and verify the first signature information.
The calling terminal sends a message for inviting the network conversation to the called terminal. The message includes the first signature information obtained by the signature in step 501 and the identification information of the calling terminal, so that after the called terminal receives the message, the called terminal can query the blockchain certificate based on the identification information of the calling terminal, and verify the first signature information by using the public key in the blockchain certificate, thereby completing the identity verification of the calling terminal.
Step 503, establishing a network telephone connection with the called terminal when the verification is passed.
Therefore, when the called terminal completes the identity verification of the calling terminal, namely the verification is passed, the network telephone connection between the calling party and the called party can be established. Therefore, the block chain is used for storing the certificate, a trusted third party does not exist in the block chain, direct trust between the network telephone user terminals can be realized, and the problem of mutual trust between multiple CAs is solved.
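The exchange in steps 501 to 503 together with its called-terminal counterpart in steps 201 to 203, including the lookup order and the three certificate errors described for step 202, written out in Go as an added example that is not code from the patent. Ed25519 as the elliptic-curve algorithm, SHA-256 for the hashed user name, the byte encoding of the DATA, FROM and TO fields, the one-minute freshness window, the in-memory `Ledger`, and all function names and identities are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Cert keeps the fig. 3 fields this check reads (type, property, extension omitted).
type Cert struct {
	Username            string // complete identity, or HashName of it when anonymous
	PublicKey           ed25519.PublicKey
	NotBefore, NotAfter time.Time // validity period
	Valid               bool      // certificate status
}

type Invite struct {
	Date     time.Time // DATA field: when the invitation was sent
	From, To string
	Sig      []byte // first signature information
}
type Ledger map[string][]Cert // constructed stand-in for the chain, oldest certificate first

const Window = time.Minute // assumed replay tolerance; the page gives no value
var (
	ErrAbsent = errors.New("certificate does not exist")
	ErrStatus = errors.New("certificate exists but its status is invalid")
	ErrPeriod = errors.New("certificate exists but is outside its validity period")
	ErrSig    = errors.New("signature does not verify")
	ErrStale  = errors.New("DATA timestamp outside the freshness window")
)

// HashName derives the anonymous user name; SHA-256 is an assumption.
func HashName(id string) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(id))) }

// signedBytes encodes DATA, FROM and TO for signing (assumed encoding).
func signedBytes(date time.Time, from, to string) []byte {
	return []byte(fmt.Sprintf("%d\n%s\n%s", date.Unix(), from, to))
}

// MustTerminal makes a key pair and a one-year certificate marked valid.
func MustTerminal(username string, now time.Time) (ed25519.PrivateKey, Cert) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return priv, Cert{username, pub, now, now.AddDate(1, 0, 0), true}
}

// SignInvite is step 501: the calling terminal signs DATA, FROM and TO.
func SignInvite(key ed25519.PrivateKey, from, to string, now time.Time) Invite {
	return Invite{now, from, to, ed25519.Sign(key, signedBytes(now, from, to))}
}

// Lookup is step 202: try the FROM name, then its hash; judge only the latest certificate.
func Lookup(l Ledger, from string, now time.Time) (Cert, error) {
	certs := l[from]
	if len(certs) == 0 {
		if certs = l[HashName(from)]; len(certs) == 0 {
			return Cert{}, ErrAbsent
		}
	}
	c := certs[len(certs)-1]
	if !c.Valid {
		return Cert{}, ErrStatus
	}
	if now.Before(c.NotBefore) || now.After(c.NotAfter) {
		return Cert{}, ErrPeriod
	}
	return c, nil
}

// AcceptInvite is step 203 on the called terminal; nil means the call may be set up.
func AcceptInvite(l Ledger, inv Invite, now time.Time) error {
	cert, err := Lookup(l, inv.From, now)
	if err != nil {
		return err
	}
	if len(cert.PublicKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(cert.PublicKey, signedBytes(inv.Date, inv.From, inv.To), inv.Sig) {
		return ErrSig
	}
	// The timestamp is trusted only now that the signature over it has verified.
	if age := now.Sub(inv.Date); age > Window || age < -Window {
		return ErrStale
	}
	return nil
}

func main() {
	key, cert := MustTerminal(HashName("sip:a@example.com"), time.Now()) // constructed identities
	inv := SignInvite(key, "sip:a@example.com", "sip:b@example.com", cert.NotBefore)
	fmt.Println("verdict:", AcceptInvite(Ledger{cert.Username: {cert}}, inv, inv.Date))
}
```

An invitation whose TO field is rewritten in transit fails with `ErrSig`, and a captured invitation presented after the window fails with `ErrStale`, which is what signing the TO and DATA fields buys.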
Optionally, before step 502, further comprising:
generating a blockchain certificate of the calling terminal;
if the user name in the block chain certificate of the calling terminal is complete identity information, signing the block chain certificate of the calling terminal by using a private key to obtain second signature information, broadcasting the block chain certificate of the calling terminal and the second signature information on a block chain network, and storing the block chain certificate of the calling terminal in a block chain through a bookkeeping node of the block chain;
if the user name in the block chain certificate of the calling terminal is the hash value of the complete identity information, signing the block chain certificate of the calling terminal and the complete identity information by using a private key to obtain third signature information, broadcasting the block chain certificate, the complete identity information and the third signature information on a block chain network, and storing the block chain certificate of the calling terminal in the block chain through a bookkeeping node of the block chain.
Here, the calling terminal may first generate its own block chain certificate. Since the user name in the block chain certificate may be the complete identity information of the terminal, such as an SIP URI or a phone number, or may be a hash value of the complete identity information of the terminal, in order to ensure correct storage of the certificate by the accounting node, after the block chain certificate is generated, a distinction process is performed for specific implementation of the user name in the block chain certificate: if the user name is complete identity information, only using a private key to sign the block chain certificate, broadcasting the block chain certificate and the obtained corresponding signature information on a block chain network, and then storing the block chain certificate in the block chain through a bookkeeping node of the block chain; if the user name is the hash value of the complete identity information, the block chain certificate and the complete identity information are signed by using a private key, the block chain certificate, the complete identity information and the obtained corresponding signature information are broadcasted on a block chain network, and then the block chain certificate is stored in a block chain through a bookkeeping node of the block chain.
Wherein the accounting node is determined by a block chain consensus mechanism. Based on the content broadcast by the terminal on the blockchain network, the accounting node verifies the signature information, and sends an identity verification request to the terminal again under the condition that the blockchain certificate corresponding to the terminal is not stored in the blockchain or is invalid, and stores the blockchain certificate corresponding to the terminal in the blockchain after the identity verification is successful.
Specifically, the accounting node can ensure the integrity of the block chain certificate and the user name of the terminal by verifying the signature information. Before storage, the accounting node searches the block chain for a block chain certificate whose user name duplicates the user name of the block chain certificate to be stored. If the name is duplicated and the state of the latest certificate with that name on the block chain is a valid state, the accounting node refuses the storage application of the block chain certificate to be stored; if the name is duplicated but the state of the latest certificate with that name on the block chain is an invalid state, or no certificate with a duplicate name exists, the accounting node initiates an identity authentication request to the terminal.
To initiate the identity verification request to the terminal, the accounting node may embed short message transceiving equipment, such as a Short Message Service (SMS) module, in the block chain system, send a short message verification code to the terminal through the short message transceiving equipment according to the complete identity information of the terminal, and then compare it with the short message verification code returned by the terminal. When the comparison shows that the two verification codes are the same, the identity authenticity of the block chain certificate to be stored is determined. The complete identity information of the terminal, according to which the short message verification code is sent, may be carried in the block chain certificate or broadcast directly on the network. After the identity of the block chain certificate is successfully verified, the accounting node writes the block chain certificate into the block, and after the waiting time required by the system is over, the block is written into the block chain. If the user name is the hash value of the complete identity information, the accounting node only writes the block chain certificate into the block, and the complete identity information of the user terminal is not written into the block.
Optionally, the blockchain certificate includes: user name type, user name property, user name, public key, validity period, certificate status, and extension item.
Specifically:
User name type: a flag used to distinguish different user types, such as telephone numbers and SIP URIs.
User name property: distinguishes whether the user name is anonymous or real. An anonymous user name protects the privacy of the user.
User name: the name under which the user applies for the blockchain certificate. For the VOIP system, if the property of the user name is a real name, the user name is the user name of the FROM field in the SIP invitation message, namely the complete identity information of the terminal; if the user name property is anonymous, the user name is a hash of the FROM field user name.
Public key: generated by the certificate applicant, who keeps the corresponding private key secret. To keep the certificate as short as possible and save its storage space on the blockchain, the certificate applicant preferably employs an elliptic curve key algorithm (ECC) when generating the public-private key pair.
Validity period: the point in time when the certificate can start to be used and the point in time when it is no longer valid.
Extension item: reserved for future use.
Certificate status: one of two states, valid or invalid.
It should be noted that the method is matched with the network telephone processing method applied to the called terminal, so as to realize the direct verification of the calling identity by using the block chain certificate, and overcome the problem of multi-CA trust.
As shown in fig. 6, an embodiment of the present invention provides a network telephone processing method, which is applied to a network terminal, where the network terminal is an accounting node of a block chain, and the method includes:
Step 601, obtaining a block chain certificate and second signature information broadcast by a user terminal on a block chain network; or obtaining the block chain certificate, the complete identity information, and third signature information broadcast by the user terminal on the block chain network.
The second signature information is obtained by using a private key to sign the block chain certificate, and the third signature information is obtained by using the private key to sign the block chain certificate and the complete identity information of the user terminal.
Step 602, when the second signature information or the third signature information passes verification and a blockchain certificate corresponding to the user terminal is not stored in a blockchain or is invalid, initiating identity verification to the user terminal;
Step 603, after the identity authentication is successful, storing a block chain certificate of the user terminal in a block chain, where the block chain certificate is used to authenticate signature information in a message sent by the user terminal to invite a network call.
In the method of the embodiment of the present invention, based on the content broadcast by the user terminal on the blockchain network, the accounting node initiates an identity verification request to the user terminal when the corresponding signature information (the second signature information or the third signature information) passes verification and the blockchain certificate corresponding to the user terminal is not stored in the blockchain or is invalid, so as to avoid malicious tampering with the certificate. Therefore, after the identity authentication of the user terminal is successful, the real and valid block chain certificate of the user terminal can be stored in the block chain. When a message inviting a network call is sent by the calling terminal to the called terminal, the called terminal can obtain the blockchain certificate by a query based on that message, so that the calling identity is verified directly by using the blockchain certificate and the problem of multi-CA trust is solved.
Specifically, the network terminal using the method of the embodiment of the present invention acts as an accounting node, and can ensure the integrity of the block chain certificate and the complete identity information of the terminal by verifying the signature information broadcast by the user terminal. To ensure the uniqueness and validity of the block chain certificate, before the block chain certificate is stored, the accounting node searches the block chain for a block chain certificate whose user name duplicates the user name of the block chain certificate to be stored. If the name is duplicated and the state of the latest certificate with that name on the block chain is a valid state, the accounting node refuses the storage application of the block chain certificate to be stored; if the name is duplicated but the state of the latest certificate with that name on the block chain is an invalid state, or no certificate with a duplicate name exists, the accounting node initiates an identity authentication request to the terminal.
Optionally, in step 602, initiating authentication to the user terminal includes:
embedding short message receiving and sending equipment in a block chain system, and sending a short message verification code to the user terminal through the short message receiving and sending equipment according to the complete identity information of the user terminal; or,
and triggering external short message transceiving equipment to send a short message verification code to the user terminal according to the complete identity information of the user terminal.
The identity verification request to the terminal may be initiated as follows: the accounting node embeds a short message transceiving device, such as an SMS module, in the blockchain system, sends a short message verification code to the terminal through that device according to the complete identity information of the terminal, and then compares it with the short message verification code returned by the terminal. When the comparison shows that the two verification codes are the same, the authenticity of the identity in the blockchain certificate to be stored is confirmed. The complete identity information of the terminal used for sending the short message verification code may be carried in the blockchain certificate or broadcast directly on the network. After the identity of the blockchain certificate is successfully verified, the accounting node writes the blockchain certificate into a block, and after the waiting time required by the system has elapsed, the block is written into the blockchain. If the user name is the hash value of the complete identity information, the accounting node writes only the blockchain certificate into the block; the complete identity information of the user terminal is not written into the block.
Optionally, the blockchain certificates each include: username type, username nature, username, public key, validity period, certificate status, and extension.
Optionally, the user name is complete identity information or a hash value of the complete identity information.
It should be noted that this method works together with the above network telephone processing method applied to the user terminal: it stores the blockchain certificate of the user terminal, and when a message inviting a network call sent by the calling terminal later reaches the called terminal, the called terminal can query that blockchain certificate based on the message, so that the calling identity is verified directly with the blockchain certificate and the problem of multi-CA trust is overcome.
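The accounting node's admission checks and the called terminal's later lookup, as a Go sketch added here for illustration (it is not code from the patent). Ed25519, SHA-256, the signed encoding in `bytes()`, and the status check in `VerifyInvite` are assumptions; the sample identity, verification code and message header are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Cert keeps only the certificate fields this sketch needs.
type Cert struct {
	Anonymous bool   // user name nature: false = real name, true = anonymous
	UserName  string // complete identity, or hex SHA-256 of it when anonymous
	PublicKey ed25519.PublicKey
	Valid     bool // certificate status
}

// bytes is the encoding that gets signed (assumed; the page defines none).
func (c Cert) bytes() []byte {
	return []byte(fmt.Sprintf("%t|%s|%x", c.Anonymous, c.UserName, c.PublicKey))
}
func hashID(id string) string { s := sha256.Sum256([]byte(id)); return hex.EncodeToString(s[:]) }

// Broadcast is what a user terminal publishes on the blockchain network.
type Broadcast struct {
	Cert     Cert
	Identity string // complete identity, sent alongside only in the anonymous case
	Sig      []byte // second signature (cert) or third signature (cert + identity)
}

// NewBroadcast generates a key pair and signs the certificate for either case.
func NewBroadcast(identity string, anonymous bool) (Broadcast, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	b := Broadcast{Cert: Cert{Anonymous: anonymous, UserName: identity, PublicKey: pub, Valid: true}}
	if anonymous {
		b.Cert.UserName, b.Identity = hashID(identity), identity
	}
	b.Sig = ed25519.Sign(priv, append(b.Cert.bytes(), b.Identity...))
	return b, priv
}

// Ledger is the chain as an accounting node sees it: certificates in append order.
type Ledger struct{ certs []Cert }

func (l *Ledger) Latest(user string) (Cert, bool) {
	for i := len(l.certs) - 1; i >= 0; i-- {
		if l.certs[i].UserName == user {
			return l.certs[i], true
		}
	}
	return Cert{}, false
}

var ErrBadSignature = errors.New("signature does not verify")
var ErrDuplicate = errors.New("a valid certificate already holds this user name")
var ErrBadCode = errors.New("SMS verification code mismatch")

// Admit runs the accounting-node checks in order; sent/returned stand in for the SMS challenge.
func (l *Ledger) Admit(b Broadcast, sent, returned string) error {
	msg := append(b.Cert.bytes(), b.Identity...)
	if len(b.Cert.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(b.Cert.PublicKey, msg, b.Sig) {
		return ErrBadSignature
	}
	if latest, ok := l.Latest(b.Cert.UserName); ok && latest.Valid {
		return ErrDuplicate // refuse: the name is held by a valid certificate
	}
	if sent != returned {
		return ErrBadCode
	}
	l.certs = append(l.certs, b.Cert) // only the certificate is stored, never b.Identity
	return nil
}

// SignInvite produces the first signature, over the invitation's message header.
func SignInvite(priv ed25519.PrivateKey, header string) []byte { return ed25519.Sign(priv, []byte(header)) }

// VerifyInvite is the called terminal's check: query the caller's certificate by user
// name, require a valid status (an assumption here), then verify the header signature.
func (l *Ledger) VerifyInvite(user, header string, sig []byte) error {
	c, ok := l.Latest(user)
	if !ok || !c.Valid {
		return fmt.Errorf("no valid certificate on chain for %q", user)
	}
	if !ed25519.Verify(c.PublicKey, []byte(header), sig) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	chain := &Ledger{}
	b, priv := NewBroadcast("+10005550100", true)    // constructed sample identity
	hdr := "INVITE callee; From: " + b.Cert.UserName // constructed message header
	fmt.Println(chain.Admit(b, "482913", "482913"), chain.VerifyInvite(b.Cert.UserName, hdr, SignInvite(priv, hdr)))
}
```

A second broadcast under the same user name is refused while the stored certificate is valid, and is admitted again only once the latest certificate under that name is in an invalid state.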
As shown in fig. 7, an embodiment of the present invention provides a network telephone processing apparatus, which is applied to a called terminal, and includes:
a receiving module 710, configured to receive a message sent by a calling terminal for inviting a network call, where the message carries first signature information and identification information of the calling terminal, and the first signature information is signature information for signing a message header of the inviting network call;
the query module 720 is configured to query the blockchain certificate of the calling terminal according to the identification information of the calling terminal;
the first processing module 730 is configured to verify the first signature information according to the public key in the blockchain certificate of the calling terminal, and establish a network telephone connection with the calling terminal when the verification passes.
Optionally, the query module is further configured to:
if the called terminal is a user terminal storing a complete block chain, inquiring a block chain certificate of the calling terminal in the stored complete block chain according to the identification information of the calling terminal;
if the called terminal is a user terminal storing a lightweight block chain, after the called terminal is linked to a trusted terminal storing a complete block chain, the block chain certificate of the calling terminal is inquired in the stored complete block chain according to the identification information of the calling terminal.
Optionally, the identification information of the calling terminal includes a user name of the calling terminal, where the user name is complete identity information or a hash value of the complete identity information;
the query module is further configured to:
and initiating the query of the block chain certificate of the calling terminal to the complete block chain according to the user name of the calling terminal.
Optionally, the blockchain certificate includes: username type, username nature, username, public key, validity period, certificate status, and extension.
The apparatus is applied to a called terminal. After receiving a message from a calling terminal inviting a network call, it queries the blockchain certificate corresponding to the calling terminal according to the identification information of the calling terminal carried in the message, then uses the public key in that blockchain certificate to verify the first signature information carried in the message, and establishes the network telephone connection between the calling and called parties when the verification passes. Because the certificate is stored in the blockchain, and no trusted third party exists in the blockchain, direct trust between network telephone user terminals can be realized and the problem of mutual trust among multiple CAs is solved.
It should be noted that this apparatus is an apparatus to which the above network telephone processing method applied to the called terminal is applied; the implementations of that method embodiment are applicable to the apparatus and achieve the same technical effect.
As shown in fig. 8, an embodiment of the present invention provides a network telephone processing apparatus, applied to a calling terminal, including:
the second processing module 810 is configured to sign a message header of the invitation network call to obtain first signature information;
a sending module 820, configured to send a message inviting a network call to a called terminal, where the message carries the first signature information and identification information of the calling terminal, and the identification information is used for the called terminal to query a blockchain certificate of the calling terminal and verify the first signature information;
and a third processing module 830 for establishing a network telephone connection with the called terminal when the authentication is passed.
Optionally, the apparatus further comprises:
a generating module, configured to generate a block chain certificate of the calling terminal;
the first storage processing module is used for signing the block chain certificate of the calling terminal by using a private key to obtain second signature information if the user name in the block chain certificate of the calling terminal is complete identity information, broadcasting the block chain certificate of the calling terminal and the second signature information on a block chain network, and storing the block chain certificate of the calling terminal in a block chain through a bookkeeping node of the block chain;
and the second storage processing module is used for signing the block chain certificate of the calling terminal and the complete identity information by using a private key to obtain third signature information if the user name in the block chain certificate of the calling terminal is the hash value of the complete identity information, broadcasting the block chain certificate, the complete identity information and the third signature information on a block chain network, and storing the block chain certificate of the second terminal in the block chain through an accounting node of the block chain.
The apparatus is applied to a calling terminal. It first signs the message header of the network call invitation to obtain first signature information, and then sends the message inviting the network call to a called terminal, so that the called terminal queries the blockchain certificate based on the identification information of the calling terminal carried in the message and verifies the first signature information with the public key in that blockchain certificate. Thus, once the called terminal completes the identity verification of the calling terminal, that is, once the verification passes, the network telephone connection between the calling and called parties can be established. Because the certificate is stored in the blockchain, and no trusted third party exists in the blockchain, direct trust between network telephone user terminals can be realized and the problem of mutual trust among multiple CAs is solved.
It should be noted that this apparatus is an apparatus to which the above network telephone processing method applied to the calling terminal is applied; the implementations of that method embodiment are applicable to the apparatus and achieve the same technical effect.
As shown in fig. 9, an embodiment of the present invention provides a network telephone processing apparatus, which is applied to a network terminal, where the network terminal is an accounting node of a block chain, and the network telephone processing apparatus includes:
an obtaining module 910, configured to obtain a blockchain certificate and second signature information broadcast by a user terminal on a blockchain network; or, the block chain certificate, the complete identity information and the third signature information;
a fourth processing module 920, configured to initiate identity authentication to the user terminal when the second signature information or the third signature information passes authentication and a corresponding blockchain certificate of the user terminal is not stored in a blockchain or is invalid;
a fifth processing module 930, configured to store, after the identity authentication is successful, a block chain certificate of the user terminal in a block chain, where the block chain certificate is used to authenticate signature information in a message sent by the user terminal, where the message invites a network call.
Optionally, the fourth processing module is further configured to:
embedding short message receiving and sending equipment in a block chain system, and sending a short message verification code to the user terminal through the short message receiving and sending equipment according to the complete identity information of the user terminal; or,
and triggering external short message transceiving equipment to send a short message verification code to the user terminal according to the complete identity information of the user terminal.
Optionally, the blockchain certificates each include: username type, username nature, username, public key, validity period, certificate status, and extension.
Optionally, the user name is complete identity information or a hash value of the complete identity information.
Based on the content broadcast by the user terminal on the blockchain network, the apparatus can further initiate an identity authentication request to the user terminal when the corresponding signature information passes verification and the blockchain certificate corresponding to the user terminal is either not stored in the blockchain or is invalid, so as to avoid malicious tampering with the certificate. Therefore, after the identity authentication of the user terminal is successful, the authentic and valid blockchain certificate of the user terminal can be stored in the blockchain. When a message inviting a network call sent by the calling terminal reaches the called terminal, the called terminal can query this blockchain certificate based on that message, so that the calling identity is verified directly with the blockchain certificate and the problem of multi-CA trust is solved.
It should be noted that this apparatus is an apparatus to which the above network telephone processing method applied to the network terminal is applied; the implementations of that method embodiment are applicable to the apparatus and achieve the same technical effect.
As shown in fig. 10, an embodiment of the present invention provides a user terminal, where the user terminal is a called terminal 1000, and the user terminal includes: a transceiver 1010 and a processor 1020.
The transceiver 1010 is configured to receive a message sent by a calling terminal to invite a network call, where the message carries first signature information and identification information of the calling terminal, and the first signature information is signature information for signing a message header of the network call invitation;
the processor 1020 is configured to query a blockchain certificate of the calling terminal according to the identification information of the calling terminal;
the processor 1020 is further configured to verify the first signature information according to a public key in the block chain certificate of the calling terminal, and establish a network telephone connection with the calling terminal when the verification is passed.
Optionally, the processor 1020 is further configured to:
if the called terminal is a user terminal storing a complete block chain, inquiring a block chain certificate of the calling terminal in the stored complete block chain according to the identification information of the calling terminal;
and if the called terminal is a user terminal storing the lightweight blockchain, after the called terminal is linked to a trusted terminal storing a complete blockchain, inquiring the blockchain certificate of the calling terminal in the stored complete blockchain according to the identification information of the calling terminal.
Optionally, the identification information of the calling terminal includes a user name of the calling terminal, where the user name is complete identity information or a hash value of the complete identity information;
the processor 1020 is further configured to:
and initiating the query of the block chain certificate of the calling terminal to the complete block chain according to the user name of the calling terminal.
Optionally, the blockchain certificate comprises: username type, username nature, username, public key, validity period, certificate status, and extension.
Therefore, after receiving the message of the calling terminal inviting the network call, the called terminal queries the block chain certificate corresponding to the calling terminal according to the identification information of the calling terminal carried in the message, so that after querying the block chain certificate of the calling terminal, the public key in the block chain certificate is used for verifying the first signature information carried in the message, and when the verification is passed, the network telephone connection between the calling and called parties is established. Therefore, the block chain is used for storing the certificate, a trusted third party does not exist in the block chain, direct trust between the network telephone user terminals can be realized, and the problem of mutual trust between multiple CAs is solved.
As shown in fig. 11, an embodiment of the present invention provides a user terminal, where the user terminal is a calling terminal 1100, and the user terminal includes: a transceiver 1110 and a processor 1120.
The processor 1120 is configured to sign a message header of the invite network call to obtain first signature information;
the transceiver 1110 is configured to send a message inviting a network call to a called terminal, where the message carries the first signature information and identification information of the calling terminal, and the identification information is used for the called terminal to query a block chain certificate of the calling terminal and verify the first signature information;
the processor 1120 is further configured to establish a voice over internet protocol connection with the called terminal when the authentication is passed.
Optionally, the processor 1120 is further configured to:
generating a blockchain certificate of the calling terminal;
if the user name in the block chain certificate of the calling terminal is complete identity information, signing the block chain certificate of the calling terminal by using a private key to obtain second signature information, broadcasting the block chain certificate of the calling terminal and the second signature information on a block chain network, and storing the block chain certificate of the calling terminal in a block chain through a bookkeeping node of the block chain;
if the user name in the block chain certificate of the calling terminal is the hash value of the complete identity information, signing the block chain certificate of the calling terminal and the complete identity information by using a private key to obtain third signature information, broadcasting the block chain certificate, the complete identity information and the third signature information on a block chain network, and storing the block chain certificate of the calling terminal in the block chain through a bookkeeping node of the block chain.
Therefore, the calling terminal firstly signs a message header inviting the network call to obtain first signature information, and then sends the message inviting the network call to the called terminal, so that the called terminal inquires a block chain certificate based on the identification information of the calling terminal carried by the message, and verifies the first signature information by using a public key in the block chain certificate, and thus, when the called terminal completes the identity verification of the calling terminal, namely the verification is passed, the network telephone connection between the calling and the called can be established. Therefore, the block chain is used for storing the certificate, a trusted third party does not exist in the block chain, direct trust between the network telephone user terminals can be realized, and the problem of mutual trust between multiple CAs is solved.
As shown in fig. 12, an embodiment of the present invention provides a network terminal 1200, where the network terminal is an accounting node of a block chain, and the network terminal includes: a transceiver 1210 and a processor 1220;
the transceiver 1210 is configured to acquire a blockchain certificate and second signature information broadcast by a user terminal on a blockchain network; or, the blockchain certificate, the complete identity information and the third signature information;
the processor 1220 is configured to initiate identity authentication to the user terminal if the second signature information or the third signature information passes authentication and a corresponding blockchain certificate of the user terminal is not stored in a blockchain or is invalid;
the processor 1220 is further configured to store, after the identity authentication is successful, a block chain certificate of the user terminal in a block chain, where the block chain certificate is used to authenticate signature information in a message sent by the user terminal and inviting a network call.
Optionally, the processor 1220 is further configured to:
embedding short message receiving and sending equipment in a block chain system, and sending a short message verification code to the user terminal through the short message receiving and sending equipment according to the complete identity information of the user terminal; or,
and triggering external short message transceiving equipment to send a short message verification code to the user terminal according to the complete identity information of the user terminal.
Optionally, the blockchain certificates each include: username type, username nature, username, public key, validity period, certificate status, and extension.
Optionally, the user name is complete identity information or a hash value of the complete identity information.
The network device, based on the content broadcast by the user terminal on the blockchain network, may further initiate an identity authentication request to the user terminal to avoid malicious tampering of the certificate, when the corresponding signature information passes the authentication, and the blockchain certificate corresponding to the user terminal is not stored in the blockchain or is invalid. Therefore, after the identity authentication of the user terminal is successful, the real and effective block chain certificate of the user terminal can be stored in the block chain. The blockchain certificate can be obtained by the called terminal based on the inquiry of the message inviting the network call under the condition that the message inviting the network call sent by the calling terminal is sent to the called terminal, so that the direct verification of the calling identity is realized by using the blockchain certificate, and the problem of multi-CA trust is overcome.
As shown in fig. 13, a communication terminal according to another embodiment of the present invention includes: a processor 1300, a memory 1320, and a computer program stored on the memory 1320 and operable on the processor 1300; the processor 1300, when executing the computer program, implements the network telephone processing method applied to the called terminal as described above, or the network telephone processing method applied to the calling terminal as described above, or the network telephone processing method applied to the network terminal as described above.
The communication terminal further includes a transceiver 1310 for receiving and transmitting data under the control of the processor 1300.
In fig. 13, the bus architecture may include any number of interconnected buses and bridges, linking together various circuits, in particular one or more processors represented by processor 1300 and memory represented by memory 1320. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art and therefore will not be described any further herein. The bus interface provides an interface. The transceiver 1310 may be a number of elements including a transmitter and a receiver that provide a means for communicating with various other apparatus over a transmission medium. The processor 1300 is responsible for managing the bus architecture and general processing, and the memory 1320 may store data used by the processor 1300 in performing operations.
A computer-readable storage medium according to an embodiment of the present invention stores a computer program which, when executed by a processor, implements the steps of the above-described network telephone processing method applied to a called terminal, or of the above-described network telephone processing method applied to a calling terminal, or of the above-described network telephone processing method applied to a network terminal, and can achieve the same technical effects; to avoid repetition, the description is not repeated here. The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
It is further noted that the user terminals described in this specification include, but are not limited to, smart phones, tablet computers, etc., and that many of the features described are referred to as modules in order to more particularly emphasize their implementation independence.
In embodiments of the present invention, modules may be implemented in software for execution by various types of processors. An identified module of executable code may, for instance, comprise one or more physical or logical blocks of computer instructions which may, for instance, be constructed as an object, procedure, or function. Nevertheless, the executables of an identified module need not be physically located together, but may comprise disparate instructions stored in different locations which, when joined logically together, comprise the module and achieve the stated purpose for the module.
Indeed, a module of executable code may be a single instruction, or many instructions, and may even be distributed over several different code segments, among different programs, and across several memory devices. Similarly, operational data may be identified within modules, and may be embodied in any suitable form and organized within any suitable type of data structure. The operational data may be collected as a single data set, or may be distributed over different locations including over different storage devices, and may exist, at least partially, merely as electronic signals on a system or network.
Where a module can be implemented in software, then, given the level of existing hardware technology and leaving cost aside, a corresponding hardware circuit may be built to implement the same function as the software module; the hardware circuit may include a conventional Very Large Scale Integration (VLSI) circuit or a gate array and an existing semiconductor such as a logic chip, a transistor, or other discrete components. A module may also be implemented in programmable hardware devices such as field programmable gate arrays, programmable array logic, programmable logic devices or the like.
The exemplary embodiments described above are described with reference to the drawings, and many different forms and embodiments of the invention may be made without departing from the spirit and teaching of the invention, therefore, the invention is not to be construed as limited to the exemplary embodiments set forth herein. Rather, these exemplary embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. In the drawings, the size and relative sizes of elements may be exaggerated for clarity. The terminology used herein is for the purpose of describing particular example embodiments only and is not intended to be limiting. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. Unless otherwise indicated, a range of values, when stated, includes the upper and lower limits of the range, and any subranges therebetween.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (12)

1. A network telephone processing method is applied to a called terminal and is characterized by comprising the following steps:
receiving a message for inviting network call sent by a calling terminal, wherein the message carries first signature information and identification information of the calling terminal, and the first signature information is signature information for signing a message header of the inviting network call;
inquiring a block chain certificate of the calling terminal according to the identification information of the calling terminal;
verifying the first signature information according to a public key in the block chain certificate of the calling terminal, and establishing network telephone connection with the calling terminal when the verification is passed;
the identification information of the calling terminal comprises a user name of the calling terminal, and the block chain certificate comprises user name properties;
under the condition that the property of the user name is a real name, the user name is complete identity information, and under the condition that the property of the user name is anonymous, the user name is a hash value of the complete identity information;
the querying a blockchain certificate of the calling terminal according to the identification information of the calling terminal includes:
if the called terminal is a user terminal storing a complete block chain, inquiring a block chain certificate of the calling terminal in the stored complete block chain according to the identification information of the calling terminal;
if the called terminal is a user terminal storing a lightweight blockchain, after the called terminal is linked to a trusted terminal storing a complete blockchain, inquiring a blockchain certificate of the calling terminal in the stored complete blockchain according to the identification information of the calling terminal;
before receiving the message for inviting the network call sent by the calling terminal, the method further comprises the following steps:
the calling terminal generates a block chain certificate;
if the user name in the block chain certificate of the calling terminal is complete identity information, the calling terminal signs the block chain certificate of the calling terminal by using a private key to obtain second signature information;
if the user name in the block chain certificate of the calling terminal is the hash value of the complete identity information, the calling terminal signs the block chain certificate of the calling terminal and the complete identity information by using a private key to obtain third signature information;
verifying the calling terminal through a bookkeeping node of the block chain;
the verifying the calling terminal through the accounting node of the block chain comprises the following steps:
the accounting node acquires a block chain certificate and second signature information broadcast by the calling terminal on a block chain network; or, the blockchain certificate, the complete identity information and the third signature information;
initiating identity verification to the calling terminal under the condition that the second signature information or the third signature information passes verification and a block chain certificate corresponding to the calling terminal is not stored in a block chain or is invalid;
and after the identity authentication is successful, storing a block chain certificate of the calling terminal in a block chain, wherein the block chain certificate is used for verifying signature information in a message which is sent by the calling terminal and used for inviting a network call.
2. The method according to claim 1, wherein the querying the stored full blockchain for the blockchain certificate of the calling terminal according to the identification information of the calling terminal comprises:
and initiating the query of the block chain certificate of the calling terminal to the complete block chain according to the user name of the calling terminal.
3. The method of claim 2, wherein the initiating authentication with the calling terminal comprises:
embedding short message receiving and sending equipment in a block chain system, and sending a short message verification code to the calling terminal through the short message receiving and sending equipment according to the complete identity information of the calling terminal; or,
and triggering external short message transceiving equipment to send a short message verification code to the calling terminal according to the complete identity information of the calling terminal.
4. The method of claim 2, wherein the blockchain certificate further comprises: username type, username, public key, validity period, certificate status, and extension.
5. A network telephone processing method is applied to a calling terminal and is characterized by comprising the following steps:
signing a message header inviting network communication to obtain first signature information;
sending a message for inviting a network call to a called terminal, wherein the message carries the first signature information and identification information of the calling terminal, and the identification information is used for the called terminal to inquire a block chain certificate of the calling terminal and verify the first signature information;
establishing a network telephone connection with the called terminal when the verification is passed;
before the sending the message for inviting the network call to the called terminal, the method further includes:
generating a blockchain certificate of the calling terminal;
if the user name in the block chain certificate of the calling terminal is complete identity information, signing the block chain certificate of the calling terminal by using a private key to obtain second signature information;
if the user name in the block chain certificate of the calling terminal is the hash value of the complete identity information, signing the block chain certificate of the calling terminal and the complete identity information by using a private key to obtain third signature information;
verifying the calling terminal through the accounting node of the block chain;
the verifying the calling terminal through the accounting node of the block chain comprises the following steps:
the accounting node acquires a block chain certificate and second signature information broadcast by the calling terminal on a block chain network; or, the blockchain certificate, the complete identity information and the third signature information;
initiating identity verification to the calling terminal under the condition that the second signature information or the third signature information passes verification and a block chain certificate corresponding to the calling terminal is not stored in a block chain or is invalid;
and after the identity authentication is successful, storing a block chain certificate of the calling terminal in a block chain, wherein the block chain certificate is used for verifying signature information in a message which is sent by the calling terminal and used for inviting a network call.
6. The method of claim 5, wherein the initiating authentication with the calling terminal comprises:
embedding short message receiving and sending equipment in a block chain system, and sending a short message verification code to the calling terminal through the short message receiving and sending equipment according to the complete identity information of the calling terminal; or,
and triggering external short message transceiving equipment to send a short message verification code to the calling terminal according to the complete identity information of the calling terminal.
7. A network telephone processing device is applied to a called terminal and is characterized by comprising:
the receiving module is used for receiving a message for inviting network call sent by a calling terminal, wherein the message carries first signature information and identification information of the calling terminal, and the first signature information is signature information for signing a message header of the inviting network call;
the query module is used for querying the block chain certificate of the calling terminal according to the identification information of the calling terminal;
the first processing module is used for verifying the first signature information according to a public key in the block chain certificate of the calling terminal and establishing a network telephone connection with the calling terminal when the verification is passed;
the identification information of the calling terminal comprises a user name of the calling terminal, and the block chain certificate comprises user name properties;
under the condition that the property of the user name is a real name, the user name is complete identity information, and under the condition that the property of the user name is anonymous, the user name is a hash value of the complete identity information;
the query module is further configured to query, if the called terminal is a user terminal storing a complete blockchain, a blockchain certificate of the calling terminal in the stored complete blockchain according to the identification information of the calling terminal;
if the called terminal is a user terminal storing a lightweight blockchain, after the called terminal is linked to a trusted terminal storing a complete blockchain, inquiring a blockchain certificate of the calling terminal in the stored complete blockchain according to the identification information of the calling terminal;
before receiving the message for inviting the network call sent by the calling terminal, the method further comprises the following steps:
the calling terminal generates a block chain certificate;
if the user name in the block chain certificate of the calling terminal is complete identity information, the calling terminal signs the block chain certificate of the calling terminal by using a private key to obtain second signature information;
if the user name in the block chain certificate of the calling terminal is the hash value of the complete identity information, the calling terminal signs the block chain certificate of the calling terminal and the complete identity information by using a private key to obtain third signature information;
verifying the calling terminal through the accounting node of the block chain;
the verifying the calling terminal through the accounting node of the block chain comprises the following steps:
the accounting node acquires a block chain certificate and second signature information broadcast by the calling terminal on a block chain network; or, the block chain certificate, the complete identity information and the third signature information;
initiating identity verification to the calling terminal under the condition that the second signature information or the third signature information passes verification and a block chain certificate corresponding to the calling terminal is not stored in a block chain or is invalid;
and after the identity authentication is successful, storing a block chain certificate of the calling terminal in a block chain, wherein the block chain certificate is used for verifying signature information in a message which is sent by the calling terminal and used for inviting a network call.
8. A network telephone processing apparatus applied to a calling terminal, comprising:
the second processing module is used for signing the message header of the invitation network conversation to obtain first signature information;
a sending module, configured to send a message inviting a network call to a called terminal, where the message carries the first signature information and identification information of the calling terminal, and the identification information is used for the called terminal to query a block chain certificate of the calling terminal and verify the first signature information;
the third processing module is used for establishing the network telephone connection with the called terminal when the verification is passed;
a generating module, configured to generate a block chain certificate of the calling terminal;
if the user name in the block chain certificate of the calling terminal is complete identity information, signing the block chain certificate of the calling terminal by using a private key to obtain second signature information;
if the user name in the block chain certificate of the calling terminal is the hash value of the complete identity information, signing the block chain certificate of the calling terminal and the complete identity information by using a private key to obtain third signature information;
before the sending the message for inviting the network call to the called terminal, the method further includes:
verifying the calling terminal through the accounting node of the block chain;
the verifying the calling terminal through the accounting node of the block chain comprises the following steps:
the accounting node acquires a block chain certificate and second signature information broadcast by the calling terminal on a block chain network; or, the blockchain certificate, the complete identity information and the third signature information;
initiating identity verification to the calling terminal under the condition that the second signature information or the third signature information passes verification and a block chain certificate corresponding to the calling terminal is not stored in a block chain or is invalid;
and after the identity authentication is successful, storing a block chain certificate of the calling terminal in a block chain, wherein the block chain certificate is used for verifying signature information in a message which is sent by the calling terminal and used for inviting a network call.
9. A user terminal, which is a called terminal, comprising: a transceiver and a processor;
the transceiver is used for receiving a message for inviting network call sent by a calling terminal, wherein the message carries first signature information and identification information of the calling terminal, and the first signature information is signature information for signing a message header of the inviting network call;
the processor is used for inquiring the block chain certificate of the calling terminal according to the identification information of the calling terminal;
the processor is further used for verifying the first signature information according to a public key in the block chain certificate of the calling terminal, and establishing a network telephone connection with the calling terminal when the verification is passed;
the identification information of the calling terminal comprises a user name of the calling terminal, and the block chain certificate comprises a user name property;
under the condition that the property of the user name is a real name, the user name is complete identity information, and under the condition that the property of the user name is anonymous, the user name is a hash value of the complete identity information;
the processor is further configured to query a block chain certificate of the calling terminal in the stored complete block chain according to the identification information of the calling terminal if the called terminal is a user terminal storing the complete block chain;
if the called terminal is a user terminal storing a lightweight blockchain, after the called terminal is linked to a trusted terminal storing a complete blockchain, inquiring a blockchain certificate of the calling terminal in the stored complete blockchain according to the identification information of the calling terminal;
before receiving the message for inviting the network call sent by the calling terminal, the method further comprises the following steps:
the calling terminal generates a block chain certificate;
verifying the user terminal through the accounting node of the block chain;
if the user name in the block chain certificate of the calling terminal is complete identity information, the calling terminal signs the block chain certificate of the calling terminal by using a private key to obtain second signature information;
if the user name in the block chain certificate of the calling terminal is the hash value of the complete identity information, the calling terminal signs the block chain certificate of the calling terminal and the complete identity information by using a private key to obtain third signature information;
the verifying the calling terminal through the accounting node of the block chain comprises the following steps:
the accounting node acquires a block chain certificate and second signature information broadcast by the calling terminal on a block chain network; or, the blockchain certificate, the complete identity information and the third signature information;
initiating identity verification to the calling terminal under the condition that the second signature information or the third signature information passes verification and a block chain certificate corresponding to the calling terminal is not stored in a block chain or is invalid;
and after the identity authentication is successful, storing the block chain certificate of the calling terminal in a block chain, wherein the block chain certificate is used for verifying signature information in a message which is sent by the calling terminal and used for inviting the network call.
10. A user terminal, which is a calling terminal, comprising: a transceiver and a processor;
the processor is used for signing a message header of the invitation network call to obtain first signature information;
the transceiver is used for sending a message for inviting a network call to a called terminal, wherein the message carries the first signature information and the identification information of the calling terminal, and the identification information is used for the called terminal to inquire a block chain certificate of the calling terminal and verify the first signature information;
the processor is also used for establishing a network telephone connection with the called terminal when the verification is passed;
generating a blockchain certificate for the calling terminal, the blockchain certificate including a username property;
if the user name in the block chain certificate of the calling terminal is complete identity information, signing the block chain certificate of the calling terminal by using a private key to obtain second signature information;
if the user name in the block chain certificate of the calling terminal is the hash value of the complete identity information, signing the block chain certificate of the calling terminal and the complete identity information by using a private key to obtain third signature information;
the processor is further configured to generate a blockchain certificate of the calling terminal;
before the sending the message for inviting the network call to the called terminal, the method further includes:
verifying the user terminal through the accounting node of the block chain;
if the user name in the block chain certificate of the calling terminal is complete identity information, signing the block chain certificate of the calling terminal by using a private key to obtain second signature information;
if the user name in the block chain certificate of the calling terminal is the hash value of the complete identity information, signing the block chain certificate of the calling terminal and the complete identity information by using a private key to obtain third signature information;
the verifying the calling terminal through the accounting node of the block chain comprises the following steps:
the accounting node acquires a block chain certificate and second signature information broadcast by the calling terminal on a block chain network; or, the blockchain certificate, the complete identity information and the third signature information;
initiating identity verification to the calling terminal under the condition that the second signature information or the third signature information passes verification and a block chain certificate corresponding to the calling terminal is not stored in a block chain or is invalid;
and after the identity authentication is successful, storing a block chain certificate of the calling terminal in a block chain, wherein the block chain certificate is used for verifying signature information in a message which is sent by the calling terminal and used for inviting a network call.
11. A communication terminal, comprising: a processor, a memory, and a computer program stored on the memory and executable on the processor; characterized in that the processor implements the network telephone processing method according to any one of claims 1 to 4 or the network telephone processing method according to claim 5 or 6 when executing the computer program.
12. A computer-readable storage medium on which a computer program is stored, the computer program, when being executed by a processor, implementing the network telephone processing method according to any one of claims 1 to 4 or the network telephone processing method according to claim 5 or 6.
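The enrolment check performed by the accounting node and the called terminal's check on an invitation, as an added sketch that is not code from the patent. Ed25519, SHA-256, the `Encode` byte layout, the hash-match check for anonymous names, the in-memory `Ledger` and all sample values are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Certificate carries the fields listed in claim 4; types and encoding are assumptions.
type Certificate struct {
	UsernameType string // "real" or "anonymous"
	Username     string // full identity, or its hash when anonymous
	PublicKey    ed25519.PublicKey
	NotAfter     time.Time // end of the validity period
	Status       string    // "valid" or "revoked"
	Extension    string
}

// Encode is a constructed byte encoding used as the signed form of the certificate.
func (c Certificate) Encode() []byte {
	return []byte(fmt.Sprintf("%s|%s|%x|%d|%s|%s", c.UsernameType, c.Username, c.PublicKey, c.NotAfter.Unix(), c.Status, c.Extension))
}

type Ledger map[string]Certificate // stands in for the complete block chain, keyed by user name
func (l Ledger) usable(name string, now time.Time) (Certificate, bool) {
	c, ok := l[name]
	return c, ok && c.Status == "valid" && now.Before(c.NotAfter)
}

// HashIdentity derives the anonymous user name (SHA-256 is an assumption).
func HashIdentity(full string) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(full)))
}

// Admit is the accounting node's check; sig is the second (real name) or third (anonymous) signature.
func Admit(l Ledger, c Certificate, fullID string, sig []byte, challenge func(string) bool, now time.Time) error {
	msg, identity := c.Encode(), c.Username
	if c.UsernameType == "anonymous" {
		if HashIdentity(fullID) != c.Username { // check added in this sketch
			return errors.New("identity does not match hashed user name")
		}
		msg, identity = append(msg, fullID...), fullID
	}
	if len(c.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(c.PublicKey, msg, sig) {
		return errors.New("certificate signature does not verify")
	}
	if _, ok := l.usable(c.Username, now); ok {
		return errors.New("a valid certificate is already stored")
	}
	if !challenge(identity) { // stands for the SMS verification code round trip
		return errors.New("identity verification failed")
	}
	l[c.Username] = c
	return nil
}

// VerifyInvite is the called terminal's check on an incoming invitation.
func VerifyInvite(l Ledger, username string, header, firstSig []byte, now time.Time) error {
	c, ok := l.usable(username, now)
	if !ok {
		return errors.New("no usable certificate for caller")
	}
	if !ed25519.Verify(c.PublicKey, header, firstSig) {
		return errors.New("first signature does not verify")
	}
	return nil
}

// Scenario runs a constructed anonymous enrolment followed by three invitation checks.
func Scenario() (admit, good, tampered, expired error) {
	now, ledger, fullID := time.Unix(1700000000, 0), Ledger{}, "+10005550100"
	pub, priv, _ := ed25519.GenerateKey(nil)
	cert := Certificate{"anonymous", HashIdentity(fullID), pub, now.Add(time.Hour), "valid", ""}
	admit = Admit(ledger, cert, fullID, ed25519.Sign(priv, append(cert.Encode(), fullID...)), func(string) bool { return true }, now)
	header := []byte("INVITE sip:callee@example.test SIP/2.0\r\nFrom: <sip:" + cert.Username + "@example.test>")
	first := ed25519.Sign(priv, header)
	good = VerifyInvite(ledger, cert.Username, header, first, now)
	tampered = VerifyInvite(ledger, cert.Username, append(header, "x"...), first, now)
	expired = VerifyInvite(ledger, cert.Username, header, first, now.Add(2*time.Hour))
	return
}

func main() { fmt.Println(Scenario()) }
```
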
CN201910763086.6A 2019-08-19 2019-08-19 Network telephone processing method, device and terminal Active CN112398798B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910763086.6A CN112398798B (en) 2019-08-19 2019-08-19 Network telephone processing method, device and terminal
PCT/CN2020/101612 WO2021031741A1 (en) 2019-08-19 2020-07-13 Voip processing method, device, and terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910763086.6A CN112398798B (en) 2019-08-19 2019-08-19 Network telephone processing method, device and terminal

Publications (2)

Publication Number Publication Date
CN112398798A CN112398798A (en) 2021-02-23
CN112398798B true CN112398798B (en) 2022-10-14

Family

ID=74603335

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910763086.6A Active CN112398798B (en) 2019-08-19 2019-08-19 Network telephone processing method, device and terminal

Country Status (2)

Country Link
CN (1) CN112398798B (en)
WO (1) WO2021031741A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11516331B2 (en) * 2020-11-03 2022-11-29 Mcafee, Llc System for authenticating a phone number using a phone number certificate
CN114338795A (en) * 2021-12-23 2022-04-12 杭州趣链科技有限公司 Data communication method and device for block chain client
CN114845301A (en) * 2022-04-28 2022-08-02 微位(深圳)网络科技有限公司 Number verification method, terminal and system based on super SIM card
CN115396165A (en) * 2022-08-15 2022-11-25 中国联合网络通信集团有限公司 File management method and device, electronic equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016193404A1 (en) * 2015-06-04 2016-12-08 Nagravision S.A. Methods and systems for communication-session arrangement on behalf of cryptographic endpoints
CN106789089A (en) * 2017-02-23 2017-05-31 腾讯科技(深圳)有限公司 A kind of method and system for managing certificate
CN108632037A (en) * 2017-03-17 2018-10-09 中国移动通信有限公司研究院 The public-key process method and device of Public Key Infrastructure
CN109861946A (en) * 2017-11-30 2019-06-07 中国电信股份有限公司 Method, system and the call receiving apparatus of calling number verification
US10341485B1 (en) * 2018-05-16 2019-07-02 Fmr Llc Caller identity and authentication service
CN110086608A (en) * 2019-03-21 2019-08-02 深圳壹账通智能科技有限公司 User authen method, device, computer equipment and computer readable storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7240366B2 (en) * 2002-05-17 2007-07-03 Microsoft Corporation End-to-end authentication of session initiation protocol messages using certificates
US20180227429A1 (en) * 2017-02-07 2018-08-09 Neustar, Inc. Non-geographic numbering and call routing
CN108769142B (en) * 2018-05-11 2021-08-10 中国联合网络通信集团有限公司 Transaction information processing method and block generation node
CN108810120B (en) * 2018-05-31 2021-01-26 中国联合网络通信集团有限公司 Block chain node communication method and device and block chain node

Also Published As

Publication number Publication date
WO2021031741A1 (en) 2021-02-25
CN112398798A (en) 2021-02-23

Similar Documents

Publication Publication Date Title
CN112398798B (en) Network telephone processing method, device and terminal
JP4673364B2 (en) Method for verifying first ID and second ID of entity
US7865173B2 (en) Method and arrangement for authentication procedures in a communication network
JP2007528650A5 (en)
CN101960814B (en) IP address delegation
US8571020B2 (en) Session initiation protocol (SIP) based voice over internet protocol (VoIP) system and method of registering SIP terminal therein
US20030126433A1 (en) Method and system for performing on-line status checking of digital certificates
TWI711293B (en) Method of identity authentication for voice over internet protocol call and related device
KR20050012900A (en) Method and system for registering and automatically retrieving digital-certificates in voice over internet protocol(VOIP) communications
CN110278179B (en) Single sign-on method, device and system and electronic equipment
US20130311783A1 (en) Mobile radio device-operated authentication system using asymmetric encryption
CN107517194B (en) Return source authentication method and device of content distribution network
US20090300197A1 (en) Internet Protocol Communication System, Server Unit, Terminal Device, and Authentication Method
JP2005167412A (en) Communication system, communication terminal and server apparatus used in communication system, and connection authentication method used for communication system
CN111654481B (en) Identity authentication method, identity authentication device and storage medium
CN111835675A (en) Method and related device for verifying network call identity
JP4472566B2 (en) Communication system and call control method
JP2004509567A (en) Internet Protocol Telephony Security Architecture
EP4252384B1 (en) Methods, devices and system related to a distributed ledger and user identity attribute
US9882891B2 (en) Identity verification
WO2021136511A1 (en) Communication method and apparatus
CN114301881B (en) Registration method, registration device, electronic device and computer-readable storage medium
CN113609467A (en) Identity authentication method, identity authentication device, terminal equipment and storage medium
CN112818405A (en) Data processing method and device of block chain and readable storage medium
CN116318755A (en) Method and device for realizing one-key login service

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant